Trusted Execution Environments - nkxxll/optee-ta-key-retrieval GitHub Wiki
Information on OP-TEE and TEEs
Trusted Execution Environment
A Trusted Execution Environment (TEE) is an isolated area of a main processor in which code and data are protected with respect to confidentiality and integrity, even from the regular operating system. A TEE can be backed by hardware (a dedicated secure region or mode of the chip) or by a software implementation that carves out such an environment in memory (RAM); hardware-backed TEEs are the usual choice, since a purely software TEE cannot defend against a compromised OS or hypervisor to the same degree. One hardware implementation is Intel Software Guard Extensions (SGX), available in Intel processors such as the 4th Gen Intel Xeon Scalable processors. Typical SGX use cases include secure remote computation, secure web browsing, and digital rights management (DRM); SGX and comparable products are also used to conceal proprietary algorithms and encryption keys from the rest of the system. See Wikipedia.
What is OP-TEE?
OP-TEE is an open source project that contains a full implementation of a Trusted Execution Environment. It is designed as a companion to a non-secure Linux kernel and targets hardware that provides Arm TrustZone, a hardware isolation mechanism that splits the processor into a secure world and a normal (non-secure) world. OP-TEE and its Trusted Applications run in the secure world; Linux and the client applications run in the normal world and reach the TAs through the GlobalPlatform TEE Client API. The goals of OP-TEE are:
- Isolation - the TEE provides isolation from the non-secure OS and protects the loaded Trusted Applications (TAs) from each other using underlying hardware support,
- Small footprint - the TEE should remain small enough to reside in a reasonable amount of on-chip memory as found on Arm based systems,
- Portability - the TEE aims at being easily pluggable to different architectures and available HW and has to support various setups such as multiple client OSes or multiple TEEs.
Source: About OP-TEE.